The pike module keeps trace of all (or selected ones) incoming request's IP source and blocks the ones that exceed the limit. It works simultaneously for IPv4 and IPv6 addresses. The module does not implement any actions on blocking - it just simply reports that there is high traffic from an IP; what to do, is the administrator decision (via scripting).
| Parámetro | Tipo | Descripción |
|---|---|---|
| sampling_time_unit | integer | 3.2. reqs_density_per_unit (integer) 3.3. remove_latency (integer) 3.4. pike_log_level (integer) |
| reqs_density_per_unit | integer | 3.3. remove_latency (integer) 3.4. pike_log_level (integer) |
| remove_latency | integer | 3.4. pike_log_level (integer) |
| pike_log_level | integer | 3.1. sampling_time_unit (integer) |
| sampling_time_unit | integer | Time period in seconds used for sampling (or the sampling accuracy). The smaller the better, but slower. If you want to detect peeks, use a small one. To limit the access (like total number of request |
| reqs_density_per_unit | integer | How many requests should be allowed per sampling_time_unit before blocking all the incoming request from that IP. Practically, the blocking limit is between ( let's have x=reqs_density_per_unit) x and |
| remove_latency | integer | Specifies for how long the IP address will be kept in memory after the last request from that IP address. It's a sort of timeout value, in seconds. Note that it is not the duration to keep the IP in s |
| pike_log_level | integer | Syslog log level to be used by module to auto report the blocking (only first time) and unblocking of IPs detected as source of floods. |
4.2. pike_check_ip(ipaddr)
4.1. pike_check_req()
Process the source IP of the current request and return false if the IP was exceeding the blocking limit.
Process the IP address parameter and return false if it was exceeding the blocking limit. The return codes are the same from pike_check_req().
Copyright © 2003 FhG FOKUS
